"The PC-BSD team is pleased to announce the availability of PC-BSD 1.4 (da Vinci edition)! This release is made available via the efforts of many developers and testers, who have spent the past months refining and improving upon the core PC-BSD experience." This release comes with Xorg 7.2, KDE 3.5.7, Compiz-Fusion 0.5.2, support for Flash7, and much more. There are release notes, a changelog, and downloads.

9/10ths of the time, having a GUI to configure a web service is not a good thing. Apache/(s)FTP/etc... is far too easy a thing to screw up for configuration to be taken lightly. The inclusion of a GUI encourages just any idiot to have a go, rather that someone who sits down and learns what all the implications of what each configuration command are. And in this climate of worldwide botnets and identity theft, everyone has a responsibility to everyone else to properly secure their networks

Maybe you're right. But many of todays GUIs don't do that, and probably never will, And having used webmin and various samba GUIs, I know that to make a usable GUI, you have to abstract the raw configuration options somewhat. Thus when you start from a secure default, and select various neccessary options in the GUI, you have no real idea exactly what config statements have been set, even if you understand the config syntax backwards. And in my experince, it is very easy for two GUI settings to conflict and inadvertantly open up a security hole.

"And in this climate of worldwide botnets and identity theft, everyone has a responsibility to everyone else to properly secure their networks"

Responsibility... :-) Yes, you have a valid point here. But unfortunately, problems don't hurt its creators / supporters too much in order to be taken seriously. This is due to the shrinking difference between user and administrator which causes means of security to be abandoned step by step in order to increase individual feelings of comfort and safeness.

But unfortunately, problems don't hurt its creators / supporters too much in order to be taken seriously.

From creators point of view per definition true otherwise they wouldn't create.

From the end users point of view nonsense, if your PC is infested with malignent activity so too speak and tries to infect other peoples PC's on the subnet the chance is great your internet connection is (temporarily ) cut off. That must make you as user more aware.

You don't want to know how many customers we had to shut off due to spamming. I know this because i used to work for a big ISP.

This is due to the shrinking difference between user and administrator which causes means of security to be abandoned step by step in order to increase individual feelings of comfort and safeness.

I'm curious to know where specific ( an example?) the difference between the user and admin is schrinking?

security to be abandoned step by step in order to increase individual feelings of comfort and safeness.

Tell me who is 100% safe on the internet.
Hundred percent secure is an utopia. Security is a process with a awfull lot of facets. Even the most talented security practitioners can become the victim themselves. Thereis little you can do against a 0day and at the same time maintain a satisfiable amount of usability.

Anxiety is good for the sales figures.
About time vapourware is been brought more into the spotlight. Especially to expose the good,the bad and the ugly amongst security tools,practices,procedures.

"9/10ths of the time, having a GUI to configure a web service is not a good thing."

yeah, I think 9/10ths of the time doing it with a text editor is not a good thing.... far to convenient and easy a thing to screw up. Sudddenly everyone thinks they can configure a service. I suggest we get rid of all GUI's and text editors.

Mice really need to go. They enable all kinds of crazyness. Then replace all keyboards with just a zero or one.

Your sarcasm is misplaced. I don't dispise GUIs, I use a nice modded version of XP for day-to-day work and for 95% of computer usage, graphical tools are good.

But for security critical applications that are based on textual configuration files, abstracting the configuration is A BAD THING. A bit like relying on autopilot for airplanes. It's ok ONLY as long as you have a fully qualified pilot sitting ready to get his/her hands dirty.